Slackware: 'rsync' Remote command execution
Posted by LinuxSecurity.com Team   
Slackware There exist several signedness bugs within the rsync program which allow remote attackers to write 0-bytes to almost arbitrary stack-locations, therefore being able to control the programflow and obtaining a shell remotely.


New rsync packages are available to fix a security problem.

Here's the information from the Slackware 8.0 ChangeLog:

Fri Jan 25 14:25:51 PST 2002
patches/packages/rsync.tgz:  Fixed a security hole by upgrading to
  rsync-2.4.8pre1.  This is the relevant information from the rsync NEWS file:

  SECURITY FIXES:

    * Signedness security patch from Sebastian Krahmer
      <krahmer@suse.de> -- in some cases we were not sufficiently
      careful about reading integers from the network.

(* Security fix *)

We recommend that sites providing external rsync access upgrade to the fixed
rsync package as soon as possible.


WHERE TO FIND THE NEW PACKAGE:
------------------------------
Updated rsync package for Slackware 8.0: 
ftp://ftp.slackware.com/pub/slackware/slackware-8.0/patches/packages/rsync.tgz

Updated rsync package for Slackware 7.1: 
ftp://ftp.slackware.com/pub/slackware/slackware-7.1/patches/packages/rsync.tgz


MD5 SIGNATURE:
--------------

Here are the md5sums for the packages:

Slackware 8.0:
1e87ef764968bc9da53e38eadf8a7d22  rsync.tgz

Slackware 7.1:
294079e04b18dafddee820468aad3a16  rsync.tgz


INSTALLATION INSTRUCTIONS:
--------------------------

Simply upgrade as root:

   # upgradepkg rsync.tgz


Remember, it's also a good idea to backup configuration files before
upgrading packages.

- Slackware Linux Security Team
   http://www.slackware.com